@cunnie
Last active January 30, 2017 23:17
command to calculate the total length of packets of a libpcap formatted file (removes 20-byte packet overhead)
/*
attributed author: alex medvedev <alexm () pycckue org>
http://seclists.org/tcpdump/2004/q1/266
to compile on OS X Mavericks:
cc pcap_len.c -lpcap -o pcap_len
to use
sudo tcpdump -w /tmp/tcpdump.out
^C
./pcap_len /tmp/tcpdump.out
*/
#include <errno.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#include <pcap.h>
/* Handle for the capture file being read; assigned in main() from pcap_open_offline(). */
pcap_t *pd;
/* Buffer handed to pcap_open_offline() to receive its error text. */
char errbuf[PCAP_ERRBUF_SIZE];
/* Number of packets delivered to countit(). */
int total_packets = 0;
/*
 * Sum of pcap_pkthdr.len over every packet delivered to countit().
 * NOTE(review): len is an unsigned 32-bit field taken from the capture file,
 * so an int cannot represent the sum for a large or malformed capture; a wider
 * unsigned counter (with matching printf formats in sig() and main()) would.
 * NOTE(review): both counters are also read from the SIGINT handler while the
 * pcap_loop() callback updates them - presumably acceptable for a progress
 * report, but they are not declared volatile sig_atomic_t; confirm.
 */
int total_length = 0;
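/*
 * pcap_loop() callback: add one packet to the running totals.
 *
 * user - cookie passed through from pcap_loop(); unused here.
 * h    - per-packet header; only h->len (the packet's original length as
 *        recorded in the header, not the captured length) is read.
 * sp   - packet bytes; unused here.
 *
 * h->len is read from the capture file and is therefore untrusted input: one
 * crafted record can claim a length close to 2^32. The totals are ints, so
 * they saturate at INT_MAX instead of wrapping to a negative or otherwise
 * misleading number. A reported INT_MAX therefore means "at least this much".
 */
void
countit(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
{
    (void)user;
    (void)sp;

    /* total_length < 0 only if an earlier wrap already happened; clamp it too. */
    if (total_length < 0 ||
        h->len > (unsigned int)(INT_MAX - total_length)) {
        total_length = INT_MAX;
    } else {
        total_length += (int)h->len;
    }

    /* Signed overflow of the packet counter would be undefined behavior. */
    if (total_packets < INT_MAX) {
        total_packets++;
    }
}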
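/* Append the NUL-terminated string s to dst at pos, never writing past cap. */
static size_t
sig_put_str(char *dst, size_t pos, size_t cap, const char *s)
{
    while (*s != '\0' && pos < cap) {
        dst[pos++] = *s++;
    }
    return pos;
}

/* Append value in decimal to dst at pos, never writing past cap. */
static size_t
sig_put_int(char *dst, size_t pos, size_t cap, int value)
{
    char digits[3 * sizeof(int) + 1];
    size_t n = 0;
    unsigned int mag = (unsigned int)value;

    if (value < 0) {
        mag = 0u - mag; /* magnitude without negating INT_MIN as a signed int */
        if (pos < cap) {
            dst[pos++] = '-';
        }
    }
    do {
        digits[n++] = (char)('0' + mag % 10u);
        mag /= 10u;
    } while (mag != 0u);
    while (n > 0 && pos < cap) {
        dst[pos++] = digits[--n];
    }
    return pos;
}

/*
 * SIGINT handler: report the totals gathered so far, then return so the
 * interrupted read continues.
 *
 * signo - signal number; unused.
 *
 * printf() is not async-signal-safe: if the signal interrupts main while it is
 * inside stdio, calling printf() here can deadlock or corrupt the stream.
 * The line is therefore formatted by hand and emitted with write(), which is
 * async-signal-safe. The text is identical to the original
 * "total len = %d, total packets = %d\n" format. Because write() bypasses the
 * stdio buffer, this line can appear ahead of stdout text that is still
 * buffered when stdout is not a terminal.
 */
void
sig(int signo)
{
    char line[96];
    size_t pos = 0;
    int saved_errno = errno; /* write() may clobber errno under the interrupted code */

    (void)signo;

    pos = sig_put_str(line, pos, sizeof line, "total len = ");
    pos = sig_put_int(line, pos, sizeof line, total_length);
    pos = sig_put_str(line, pos, sizeof line, ", total packets = ");
    pos = sig_put_int(line, pos, sizeof line, total_packets);
    pos = sig_put_str(line, pos, sizeof line, "\n");

    if (write(STDOUT_FILENO, line, pos) < 0) {
        /* Nothing async-signal-safe is left to do about a failed report. */
    }

    errno = saved_errno;
}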
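/*
 * Read the capture file named by argv[1] and print its link type, the sum of
 * the packet lengths and the packet count.
 *
 * Exit status: 0 when the whole file was read, 1 when no file was given, the
 * file could not be opened, or libpcap reported an error while reading (the
 * totals gathered up to that point are still printed).
 */
int
main(int argc, char *argv[])
{
    int count;
    int linktype;
    const char *linkname;

    /* Without this check argv[1] is NULL and is handed straight to libpcap. */
    if (argc < 2) {
        fprintf(stderr, "usage: %s capture-file\n",
                (argc > 0 && argv[0]) ? argv[0] : "pcap_len");
        return 1;
    }

    (void)signal(SIGINT, sig);

    pd = pcap_open_offline(argv[1], errbuf);
    if (!pd) {
        /* Diagnostics go to stderr so they do not mix with the report on stdout. */
        fprintf(stderr, "%s\n", errbuf);
        exit(1);
    }

    /*
     * The link type comes from the file header. pcap_datalink_val_to_name()
     * returns NULL for a value it does not know, and passing NULL to %s is
     * undefined behavior, so substitute a fixed string.
     */
    linktype = pcap_datalink(pd);
    linkname = pcap_datalink_val_to_name(linktype);
    printf("linktype %s\n", linkname ? linkname : "unknown");
    fflush(stdout); /* show the header line before a potentially long read */

    /* -1: keep going until end of file or an error. */
    count = pcap_loop(pd, -1, countit, 0);
    if (count < 0) {
        fprintf(stderr, "%s\n", pcap_geterr(pd));
    }

    printf("total len = %d, total packets = %d\n", total_length,
           total_packets);

    pcap_close(pd);
    return count < 0 ? 1 : 0;
}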